Python StaticCryptographicMaterialsProvider Examples

Example #1

File: test_item.py Project: gwsu2008/aws-dynamodb-encryption-python

def test_no_decryption_key_but_decryption_requested(actions,
                                                    parametrized_item):
    encryption_key = JceNameLocalDelegatedKey.generate("AES", 256)
    signing_key = JceNameLocalDelegatedKey.generate("HmacSHA256", 256)
    encrypting_cmp = StaticCryptographicMaterialsProvider(
        encryption_materials=RawEncryptionMaterials(
            encryption_key=encryption_key, signing_key=signing_key))
    decrypting_cmp = StaticCryptographicMaterialsProvider(
        decryption_materials=RawDecryptionMaterials(
            verification_key=signing_key))

    encrypted_item = encrypt_python_item(
        parametrized_item,
        CryptoConfig(materials_provider=encrypting_cmp,
                     encryption_context=EncryptionContext(),
                     attribute_actions=actions),
    )

    with pytest.raises(DecryptionError) as excinfo:
        decrypt_python_item(
            encrypted_item,
            CryptoConfig(materials_provider=decrypting_cmp,
                         encryption_context=EncryptionContext(),
                         attribute_actions=actions),
        )

    excinfo.match(
        "Attribute actions ask for some attributes to be decrypted but no decryption key is available"
    )

Example #2

def _build_static_cmp(decrypt_key, verify_key):
    decryption_key = _load_key(decrypt_key)
    verification_key = _load_signing_key(verify_key)
    decryption_materials = RawDecryptionMaterials(
        decryption_key=decryption_key, verification_key=verification_key)
    return StaticCryptographicMaterialsProvider(
        decryption_materials=decryption_materials)

Example #3

def test_no_materials(method, message):
    empty_cmp = StaticCryptographicMaterialsProvider()

    with pytest.raises(AttributeError) as excinfo:
        getattr(empty_cmp, method)(EncryptionContext())

    excinfo.match(message)

Example #4

def build_static_jce_cmp(encryption_algorithm, encryption_key_length, signing_algorithm, signing_key_length):
    """Build a StaticCryptographicMaterialsProvider using ephemeral JceNameLocalDelegatedKeys as specified."""
    encryption_key = _get_from_cache(JceNameLocalDelegatedKey, encryption_algorithm, encryption_key_length)
    authentication_key = _get_from_cache(JceNameLocalDelegatedKey, signing_algorithm, signing_key_length)
    encryption_materials = RawEncryptionMaterials(signing_key=authentication_key, encryption_key=encryption_key)
    decryption_materials = RawDecryptionMaterials(verification_key=authentication_key, decryption_key=encryption_key)
    return StaticCryptographicMaterialsProvider(
        encryption_materials=encryption_materials, decryption_materials=decryption_materials
    )

Example #5

File: acceptance_test_utils.py Project: robin-aws/aws-dynamodb-encryption-python

def _build_static_cmp(encrypt_key, decrypt_key, sign_key, verify_key):
    encryption_key = _load_key(encrypt_key)
    decryption_key = _load_key(decrypt_key)
    verification_key = _load_signing_key(verify_key)
    signing_key = _load_signing_key(sign_key)
    decryption_materials = RawDecryptionMaterials(decryption_key=decryption_key, verification_key=verification_key)
    encryption_materials = RawEncryptionMaterials(encryption_key=encryption_key, signing_key=signing_key)
    return StaticCryptographicMaterialsProvider(
        decryption_materials=decryption_materials, encryption_materials=encryption_materials
    )

Example #6

File: test_item.py Project: samirboudjebla/aws-dynamodb-encryption-python

def test_no_encryption_key_but_encryption_requested(actions, parametrized_item):
    signing_key = JceNameLocalDelegatedKey.generate("HmacSHA256", 256)
    cmp = StaticCryptographicMaterialsProvider(encryption_materials=RawEncryptionMaterials(signing_key=signing_key))
    crypto_config = CryptoConfig(
        materials_provider=cmp, encryption_context=EncryptionContext(), attribute_actions=actions
    )

    with pytest.raises(EncryptionError) as excinfo:
        encrypt_python_item(parametrized_item, crypto_config)

    excinfo.match("Attribute actions ask for some attributes to be encrypted but no encryption key is available")

Example #7

File: test_item.py Project: samirboudjebla/aws-dynamodb-encryption-python

def test_only_sign_item(parametrized_item):
    signing_key = JceNameLocalDelegatedKey.generate("HmacSHA256", 256)
    cmp = StaticCryptographicMaterialsProvider(
        encryption_materials=RawEncryptionMaterials(signing_key=signing_key),
        decryption_materials=RawDecryptionMaterials(verification_key=signing_key),
    )
    actions = AttributeActions(default_action=CryptoAction.SIGN_ONLY)
    crypto_config = CryptoConfig(
        materials_provider=cmp, encryption_context=EncryptionContext(), attribute_actions=actions
    )

    signed_item = encrypt_python_item(parametrized_item, crypto_config)
    material_description = signed_item[ReservedAttributes.MATERIAL_DESCRIPTION.value].value
    assert MaterialDescriptionKeys.ATTRIBUTE_ENCRYPTION_MODE.value.encode("utf-8") not in material_description

    decrypt_python_item(signed_item, crypto_config)

Example #8

def test_valid_materials(materials, method):
    kwargs = {method: materials}
    static_cmp = StaticCryptographicMaterialsProvider(**kwargs)

    assert getattr(static_cmp, method)(EncryptionContext()) is materials

Example #9

def test_attrs_fail(invalid_kwargs):
    with pytest.raises(TypeError):
        StaticCryptographicMaterialsProvider(**invalid_kwargs)